Saki

joined 1 year ago
MODERATOR OF
[–] Saki@monero.town 3 points 5 months ago

For those who are still on Win 7: Firefox (and so Tor Browser) will stop supporting Win 7 soon. Seriously, you better plan to migrate to Linux. Not-so-good privacy issues aside, everyone knows Windows is not very secure/safe/convenient anyway.

[–] Saki@monero.town 6 points 5 months ago

Generally, votes are overrated. Especially if you’re not mainstream, by definition most people won’t support you, won’t agree with you, won’t understand you.

Some things may be downvoted because they’re too stupid. But occasionally, you might be downvoted simply because you’re a bit too early. Like, if you’d said “being gay is not crime” or something 50 years ago, you might have got downvoted… Just a thought.

[–] Saki@monero.town 1 points 5 months ago* (last edited 5 months ago)

Maybe what you’re thinking is like an XMR version of Bisq's “Get your first BTC” room?

https://bisq.wiki/Getting_your_first_BTC This dilemma is real and understandable, while it’s not clear what would be the best solution:

For new users, Bisq requires between 0.002 and 0.007 BTC for traders to make their first trade: [...] It can be difficult for new bitcoiners to acquire their first coins, so this requirement is often a barrier for new Bisq users. The Get your first BTC room offers one possible way to get this initial bitcoin without signing up for a centralized exchange.

Basically the same thing for Haveno, I guess.

[–] Saki@monero.town 2 points 9 months ago (1 children)

Another bad experience related to Mastercard: https://monero.town/post/1791576

[–] Saki@monero.town 1 points 9 months ago (3 children)

Cake Pay should be fine for most gift cards, I don’t think they usually ask for KYC for those.

So perhaps your recent bad experience with Mastercard EUR cards are rather exceptional?

[–] Saki@monero.town 3 points 10 months ago (5 children)

Thanks for warning. Saw https://monero.town/post/872283 too. Guess Cake Pay may be convenient for those who are fine with KYC. Another option, that Stealths thing is more expensive (higher fees), so basically if you want to buy a gift card here or there, you’ll have to choose between (possible) KYC and higher fees. Or so it seems…

[–] Saki@monero.town 3 points 10 months ago (1 children)

According to @azalty@monero.town, Cake Pay works fine if you’re fine with KYC, and otherwise you may just lose your money: https://monero.town/post/872283

If you’re a privacy advocate not fully supporting KYC but want to try this anyway, then try a small amount, because you may lose all your money. Another recent option is more privacy-friendly and KYC-free, but the fees are higher with them.

[–] Saki@monero.town 2 points 10 months ago

We know the ability to get Monero will not be essentially affected—after all, this is not the first time, nor the second time, when Monero is delisted. It seems reasonable to admit, though, that ultimately the ability/freedom to spend Monero might be limited if legit (e.g. hosting) companies can’t accept it in the future—directly or indirectly because of MiCA etc. Although, what will happen in such a situation may be seen as an interesting experiment.


Since the posted link is not very Tor-friendly behind CF, similar random links just in case…

Following the announcement, privacy tokens such as Dash (DASH), Monero (XMR), and Zcash (ZEC) witnessed a notable decline of up to 10%

The prices of some of these tokens have headed south shortly after the announcement. XMR is down nearly 3% in the past 24 hours, while ZEC has plunged by 10%

[–] Saki@monero.town 4 points 10 months ago (2 children)

The concept may be lovely, but the fact is, many people nowadays have been Pavlov’ed to immediately ignore anything weird that says, "Congratulations! You got some money. Visit this URL and input something." As they say, the Cake is a lie…

Monero could be a wonderful gift to a friend of yours if they’re especially interested in privacy (in that case, you might want to talk to them privately, and perhaps recommend a better wallet). Otherwise, it may be kind of like casting pearls before swine…

[–] Saki@monero.town 8 points 10 months ago* (last edited 10 months ago)

Tor Browser is planning to remove Google from the search engine options a user can choose: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41835

There some say brave onion + no JS is good: https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/

Mullvad team seems to be considering 4 possible options:


PS: Not disgussing ddg / ddg onion too much, basically because ddg is the long-time default search engine of TB. Most TB users assume ddg is a decent, standard, generic option, esp. its non-JS version.

 

“Some Hackers have figured out there is no quick and easy way for a company that receives one of these EDRs (emergency data request) to know whether it is legitimate,” he said.

“The hackers will send a fake emergency data request along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately.”

[–] Saki@monero.town 1 points 10 months ago* (last edited 10 months ago)

Trocador shows it explicitly whether a specific CEX is no-log or requiting IP logging, which you can choose. This new thing doesn’t have TOS nor Privacy Policy to begin with. Yet as long as you use onion, logging by the front-end is rather irrelevant.

Even if the front-end is not logging anything (which no one can verify), a CEX behind it surely records the tx and retains it as required by laws (some of them might be less than perfectly legal and might not record anything, though that would mean a different kind of risk). Using a CEX is more or less risky, be it Trocador or something else. Some may think that an instant swap by CEX is convenient. Personally I prefer DEX, even though it may be less convenient, even though Monero.town itself has an official affiliate link to Trocador too.

[–] Saki@monero.town 2 points 10 months ago

Asia might potentially be a better idea (not Japan or Korea though)

You mean, like Hong Kong, or India, maybe? What do you mean by “not Japan or Korea though”? I’d feel China would be worse. Privacy-focused services tend to be pricey anyway, both in Europe and in the US, and the price comparison is tricky as EUR/USD can move weirdly. If you’re talking about Njalla (Sweden), it’s indeed rather expensive.

Although France seems to be generally anti-cryptography, of course you wouldn’t go to jail just because you use Tails. There was this notorious incident related to French activists & Proton, though. Also, the Netherlands can be scary. They arrested a developer of Tornado Cash, right? Although, those things have nothing to do with VPS!

 

How FinCEN May Be Violating Your Rights
A call to action against FINCEN proposal 2023-0016A
Written By Preston Pysh

Eroding Anonymity Through Additional Verification: The mandate for “Additional Customer Identity Verification Measures for Transactions Involving Unhosted Wallets” is a direct affront to privacy and anonymity. This requirement transgresses on the First Amendment’s sanctuary for anonymous speech

A Direct Assault on Anonymity-Enhanced Currencies: The “Prohibition on the Use of Anonymity-Enhanced Convertible Virtual Currencies (AECVC)” is nothing short of a legislative bulldozer through the edifice of privacy.

See also: Preston Pysh says proposed FinCEN crypto rules violate US Constitution

 

Apparently, the Nintendo Switch gets 230 hashes per second mining #Monero

Jpeg Image

Can you mine crypto with a Nintendo Switch? https://cryptonews.net/news/mining/27918548/

Interestingly, RandomX, the Monero mining algorithm, allows for alternative experiments like this due to being ASIC-resistant. Miners can use simple CPUs or gaming devices to run the algorithm and try their luck at block discovery while supporting network security.

 

EDIT: Don’t take this too seriously; do not actually send a donation (unless you really want to, like admiring “Nice photoshopping!” “Thanks for the fun pic”). While it’s entertaining and thought-provoking, using their work this way is ethically questionable too. As @z0rg0n pointed out, one could even see this as a scam. Although it’s a fine work and freedom of expression is more important, this may more properly belong to “Memes”.


EDIT2: This post and “cool if real” by @alphonse https://monero.town/post/1122495 were created almost at the same time. That was a coincidental post conflict; @alphonse’s post was actually earlier by about 1 hour!


Is someone crowdfunding a Monero ad in India’s economic newspaper?

Interestingly, a Monero ad could be circulating in India’s traditional English newspaper: The Economic Times. The pseudonymous Stoic, author of “The Monero Standard,” shared a picture of the newspaper’s November 16th edition. In the picture, it is possible to see the paper’s opened front page with a large ad about XMR.

“Monero transactions respect your privacy. Can you say that about the INDIAN RUPEE or the U.S. DOLLAR?”

Moreover, the image also includes a QR-Code for donations in “XMR only,” which suggests its owner is expecting to crowdfund what was spent for this supposed insertion.

 

the onchain activities of the attackers were monitored and […] action was taken to freeze the wallets held by the attackers by working with other cryptocurrency exchanges

a member of the cryptocurrency community questioned how Binance could freeze these funds despite the fact that cryptocurrencies are marketed as not being confiscable by third parties

Changpeng Zhao […] said that the whole thing is a matter of balance. […] CZ implied that a solution to events such as theft cannot be found in a system that cannot be completely frozen.

CZ stated that if users use privacy coins such as Monero (XMR), such freezes will not occur, but the stolen funds cannot be returned.

Cf.

PS. See also: Bitcoin can be traced, If you use XMR, then there isn’t much anyone can do https://monero.town/post/1069626

 

regulatory scrutiny is shifting towards privacy coins […] Understanding how they will be implemented in systems that are decentralized, where the developers and maintainers often maintain anonymity, is complex.

E.g. Bisq, Haveno

compliance with these regulations becomes a paradox for such projects since the crux of privacy coins lies in their ability to mask transaction details, which inherently contradicts the essence of regulations […] Therefore, achieving full regulatory compliance for privacy coins may sometimes seem impossible. […] in the UK, the Financial Conduct Authority (FCA) has been proactive in educating consumers about the risks associated with privacy coins but has not implemented bans or specific regulations concerning them.

in the United States, proposed legislation such as the STABLE Act could further extend the regulatory framework […] it’s plausible that the provisions of the STABLE Act […] could potentially mean that transactions involving privacy coins would need some form of identity verification

A prime example of a regulatory shift impacting privacy coins is the European Union’s Fifth Anti-Money Laundering Directive (5AMLD) […] these platforms are now obliged to implement customer due diligence measures, […] verifying user identities and monitoring transactions for any signs of activity.

Potentially:

  • Alice (unhosted wallet) sends coins to Bob (CEX) -> Alice is also KYCed by the CEX
  • Alice (CEX) sends coins to Bob (unhosted) -> Bob is KYCed too
 

Monero Project admits thieves stole 6-figure sum from a wallet in mystery breach

https://lemmy.world/post/7993453 i.e. https://monero.town/post/1045387

While there are typical comments like crypto=scam “You have to be quite stupid to support crypto in 2023”, there are also replies like these (with which more people seem to agree, unexpectedly):

It’s designed to protect anyone using it - even attackers. That’s the price to pay for having privacy. The alternative is an Orwellian dystopia.

If you’re going to use Luna, FTX, and NFTs as arguments about something like Monero, […] you probably don’t really understand any of them.

It’s a bit odd that such a discussion is more active on a different Lemmy instance than here, but it’s interesting to hear honest opinions of various people about the incident, about Monero. Maybe your views are different from them, from mine. For example, one person states there that while they know exactly what Monaro is, they’re still skeptical.

 

Collateral wallet is 2-3 multi-signature wallet but it doesn't have to be Monero. Bitcoin multi-signature is much more tested and very ease to use using Electrum or similar.

Option two on this topic would be to use Monero multi-signature to keep Collateral.

-4
submitted 1 year ago* (last edited 1 year ago) by Saki@monero.town to c/monero@monero.town
 

Somewhat curious, though not like using xmr speculatively.

  • 2023-11-02T15:57 CCS Wallet Incident · Issue #916 · monero-project/meta · GitHub
  • 2023-11-04T00:39 [Moonstone Research] Postmortem of Monero CCS Hack: A Transaction Graph Analysis (Dated Nov 03)
  • 2023-11-05T07:20 [One of the earliest media reports] Monerujo Wallet User Drains Monero’s CCS Wallet: Report - Coin Edition

Some of the media reports are negatively confusing, like saying the Monero network is defective. Date-Time in UTC.

Edit: Moonstone Research -> 2023-11-04T00:39 was based on the server response headers (last-modified). Apparently the blog post was created about 1 hour earlier (the link was posted on Github at 2023-11-03 23:50).

 

Nothing really new for us. Just one of the earliest media reports for the record.

Edit (2023-11-06): Apparently, one of the earliest reports about the incident by general (“outside”) media is, Monerujo Wallet User Drains Monero’s CCS Wallet: Report [blocking Tor: archive.org], at 2023-11-05T07:20+00:00.

It’s interesting to see how general people are looking at this, and relatedly how they are thinking about Monero, although generally what’s written there is nothing new nor helpful for us (often disturbingly inaccurate even). For this reason I posted a few random links to related articles. You can add more and comment on it, if there are anything interesting or especially stupid 😖

 

While privacy coins promise enhanced anonymity and financial freedom, they also pose challenges […] they often face heightened regulatory scrutiny, with some governments banning or heavily regulating their use.

the very feature that makes them attractive – their privacy – can also be their Achilles’ heel. […] This dual-edged sword might deter potential new adopters and pose reputational risks for those involved in legitimate uses of privacy coins.

Cryptocurrency privacy is vital for ensuring personal liberty and maintaining fungibility, becoming even more crucial as surveillance and data collection grow. […] a balance of innovative privacy technologies and thoughtful regulation is essential

We all know this; not easy.

 

The bug fixed in cURL 8.4.0 (CVE-2023-38545) is a nasty one, but it seems rather harmless in our context.

First of all, if you don’t use socks5, this issue should be irrelevant. (But do your own research. Source code is there for you to freely study, modify, compile.)

According to the blog, the bug could be exploited only if a socks5 proxy user is tricked to resolve a crazy long hostname (~1024 characters+), which sounds unlikely; except if your direct peer is evil, they might be able to send you a crazy long hostname instead of a numeric IP… maybe? However, if you’re on socks5 proxy, the attacker can’t see your real IP to begin with, so they can’t attack you (I think).

The only attack vector my stupid head can think of is: if for some reason you use both clear connections and socks5 connections, then a lucky attacker who notices your behavior can hit your real IP when you’re on Tor, using your wallet address as an identifier. (Tor exit nodes are public, so they know someone is on Tor.) Even then, maybe the worst thing that could happen is that your p2pool crashes due to buffer overrun.

view more: next ›